Microsoft Windows -Tipskins.dll Malformed HTML Null Pointer Dereference Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Microsoft  Windows Tipskins.dll
Date: 13/10/2011
Product: Microsoft Windows Vista/Seven Tipskins.dll
Vendor: Notified
Internal Id: MSRC 11642

We have discovered that the product “Microsoft Windows Vista/Seven Tipskins.dll” presents a big hole regarding a Remote NULL Pointer Dereference , crashing the application when you run special  code .

Vendor Statement:

Microsoft Security Response Center has investigated this issue and it results being a NULL pointer dereference. Based on this, this issue can’t be exploited to execute arbitrary code and it results in a stability bug. This issue will be considered to be resolved in a future release of Microsoft.

Remediation:

Microsoft is working to solve this error  for next version of Internet Explorer to address this stability issue.

Leave a Reply